Security news.
Critical vulnerabilities in enterprise software and AI infrastructure dominate today's threat landscape, with active exploitation campaigns targeting Ollama deployments, Android systems, and multiple CMS platforms. Meanwhile, OAuth token persistence and phishing campaigns continue to bypass traditional security control
Critical "Bleeding Llama" Vulnerability Exposes 300,000 Ollama Deployments
A heap out-of-bounds read flaw (CVE pending) allows unauthenticated remote exploitation to steal sensitive data from AI infrastructure.
Critical Android RCE Vulnerability CVE-2026-0073 Patched
A critical flaw in Android's System component enables remote code execution without user interaction.
Weaver E-cology RCE CVE-2026-22679 Actively Exploited
A critical unauthenticated remote code execution flaw (CVSS 9.8) in the enterprise OA platform is being actively exploited via debug API endpoints.
MetInfo CMS CVE-2026-29014 Under Active Exploitation
Threat actors are exploiting a critical code injection flaw (CVSS 9.8) in MetInfo versions 7.9, 8.0, and 8.1 for arbitrary code execution.
Persistent OAuth Tokens Enable Undetected Cloud Access
OAuth tokens from AI tools and productivity apps lack expiration dates and automatic cleanup, allowing attackers to bypass MFA and maintain persistent access to cloud services.
Large-Scale Phishing Campaign Targets 35,000 Users Across 26 Countries
A multi-stage credential theft campaign leveraging code-of-conduct lures and legitimate email services compromised over 13,000 organizations between April 14-16.
CloudZ RAT Deploys Pheno Plugin to Steal SMS and OTPs via Microsoft Phone Link
A new malicious plugin hijacks the Microsoft Phone Link connection to intercept sensitive authentication codes from mobile devices.
ScarCruft Supply Chain Attack Delivers BirdCall Malware to Android and Windows
North Korea-linked APT37 compromised a gaming platform to distribute the BirdCall backdoor, marking the first Android variant targeting ethnic Koreans in China.